CVE-2024-24566

Improper Access Control in npm/@lobehub/chat

Identifiers

GHSA-pf55-fj96-xf37, CVE-2024-24566

Package Slug

npm/@lobehub/chat

Vulnerability

Improper Access Control

Description

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal capabilities, and an extensible Function Call plugin system. When the application is password-protected (deployed with the ACCESS_CODE option), plugins can still be accessed without proper authorization, that is, without the password. This vulnerability is patched in 0.122.4.

Affected Versions

All versions up to 0.122.3

Solution

Upgrade to version 0.122.4 or above.

Last Modified

2024-02-01
